.NET Core - RequireHttpsAttribute causes ERR_TOO_MANY_REDIRECTS on Ubuntu with Apache2

Question

Using .NET Core 2.0 if I follow the official documentation to enforce HTTPS the website fails to load with the error ERR_TOO_MANY_REDIRECTS.

Steps to reproduce:

1. Create new .NET Razor App: dotnet new razor -o aspnetcoreapp
2. Add the two snippits of code from documentation detailed here: https://learn.microsoft.com/en-us/aspnet/core/security/enforcing-ssl?view=aspnetcore-2.0
3. Deploy to Apache2 running on Ubuntu 17.10 (not tested on older versions) where conf passes connection to Kestrel server using this code:

ProxyPreserveHost On ProxyPass / http://127.0.0.1:5001/ ProxyPassReverse / http://127.0.0.1:5001/

If code from step 2 is removed then the website works fine over HTTP or HTTPS (but obviously does not redirect) but if this code is added the site fails to load with ERR_TOO_MANY_REDIRECTS over either HTTP or HTTPS. It seems the methods have changed with .NET Core 2.1 but this has not yet been released.

Answer 1

You've set your passthrough as http, rather than https. Apache here is running as a reverse proxy, so it simply forwards the request on to your passthrough server(s), which it will always do over http, based on your config here. Then, since the ASP.NET Core app is configured to require HTTPS, it redirects, causing a new request to hit Apache, which it then forwards again over http.

Long and short, you need to passthrough to https, not http. Alternatively, you can remove the HTTPS-only requirement from your ASP.NET Core app, and instead enforce HTTPS in Apache.